[SECURITY] [DSA 3378-1] gdk-pixbuf security update

2015-10-2420:44:45

lists.debian.org

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA-3378-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
October 24, 2015 https://www.debian.org/security/faq

Package : gdk-pixbuf
CVE ID : CVE-2015-7673 CVE-2015-7674

Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit
for image loading and pixel buffer manipulation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-7673

Gustavo Grieco discovered a heap overflow in the processing of TGA
images which may result in the execution of arbitrary code or denial
of service (process crash) if a malformed image is opened.

CVE-2015-7674

Gustavo Grieco discovered an integer overflow flaw in the processing
of GIF images which may result in the execution of arbitrary code or
denial of service (process crash) if a malformed image is opened.

For the oldstable distribution (wheezy), these problems have been fixed
in version 2.26.1-1+deb7u2.

For the stable distribution (jessie), these problems have been fixed in
version 2.31.1-2+deb8u3.

For the testing distribution (stretch), these problems have been fixed
in version 2.32.1-1 or earlier.

For the unstable distribution (sid), these problems have been fixed in
version 2.32.1-1 or earlier.

We recommend that you upgrade your gdk-pixbuf packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8s390xlibgdk-pixbuf2.0-0< 2.31.1-2+deb8u3libgdk-pixbuf2.0-0_2.31.1-2+deb8u3_s390x.deb
Debian8armhflibgdk-pixbuf2.0-0-dbg< 2.31.1-2+deb8u3libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u3_armhf.deb
Debian8armhflibgdk-pixbuf2.0-0-udeb< 2.31.1-2+deb8u3libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u3_armhf.deb
Debian6amd64gtk2.0-examples< 2.20.1-2+deb6u2gtk2.0-examples_2.20.1-2+deb6u2_amd64.deb
Debian7s390xgir1.2-gdkpixbuf-2.0< 2.26.1-1+deb7u2gir1.2-gdkpixbuf-2.0_2.26.1-1+deb7u2_s390x.deb
Debian7i386gir1.2-gdkpixbuf-2.0< 2.26.1-1+deb7u2gir1.2-gdkpixbuf-2.0_2.26.1-1+deb7u2_i386.deb
Debian6i386libgail-dev< 2.20.1-2+deb6u2libgail-dev_2.20.1-2+deb6u2_i386.deb
Debian7armellibgdk-pixbuf2.0-0-udeb< 2.26.1-1+deb7u4libgdk-pixbuf2.0-0-udeb_2.26.1-1+deb7u4_armel.deb
Debian7s390libgdk-pixbuf2.0-dev< 2.26.1-1+deb7u2libgdk-pixbuf2.0-dev_2.26.1-1+deb7u2_s390.deb
Debian7armhflibgdk-pixbuf2.0-dev< 2.26.1-1+deb7u4libgdk-pixbuf2.0-dev_2.26.1-1+deb7u4_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	s390x	libgdk-pixbuf2.0-0	< 2.31.1-2+deb8u3	libgdk-pixbuf2.0-0_2.31.1-2+deb8u3_s390x.deb
Debian	8	armhf	libgdk-pixbuf2.0-0-dbg	< 2.31.1-2+deb8u3	libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u3_armhf.deb
Debian	8	armhf	libgdk-pixbuf2.0-0-udeb	< 2.31.1-2+deb8u3	libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u3_armhf.deb
Debian	6	amd64	gtk2.0-examples	< 2.20.1-2+deb6u2	gtk2.0-examples_2.20.1-2+deb6u2_amd64.deb
Debian	7	s390x	gir1.2-gdkpixbuf-2.0	< 2.26.1-1+deb7u2	gir1.2-gdkpixbuf-2.0_2.26.1-1+deb7u2_s390x.deb
Debian	7	i386	gir1.2-gdkpixbuf-2.0	< 2.26.1-1+deb7u2	gir1.2-gdkpixbuf-2.0_2.26.1-1+deb7u2_i386.deb
Debian	6	i386	libgail-dev	< 2.20.1-2+deb6u2	libgail-dev_2.20.1-2+deb6u2_i386.deb
Debian	7	armel	libgdk-pixbuf2.0-0-udeb	< 2.26.1-1+deb7u4	libgdk-pixbuf2.0-0-udeb_2.26.1-1+deb7u4_armel.deb
Debian	7	s390	libgdk-pixbuf2.0-dev	< 2.26.1-1+deb7u2	libgdk-pixbuf2.0-dev_2.26.1-1+deb7u2_s390.deb
Debian	7	armhf	libgdk-pixbuf2.0-dev	< 2.26.1-1+deb7u4	libgdk-pixbuf2.0-dev_2.26.1-1+deb7u4_armhf.deb